CVE-2020-37089

High CVSS: 7.1

School ERP Pro 1.0 contains a SQL injection vulnerability in the 'es_messagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable parameter by injecting crafted SQL statements to potentially extract, modify, or delete database information.

Vendor

Arox

Product

School Erp Pro

CWE

CWE-89

Yayın Tarihi

2026-02-03 22:16:24

Güncelleme

2026-02-10 17:02:57

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-89 School Erp Pro HIGH Arox 2026

Referanslar

https://web.archive.org/web/20190612111732/https://sourceforge.net/projects/school-erp-ultimate/ https://web.archive.org/web/20200129123503/http://arox.in/ https://www.exploit-db.com/exploits/48390 https://www.vulncheck.com/advisories/school-erp-pro-esmessagesid-sql-injection

Benzer Kayıtlar

High

CVE-2020-37084

School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitr…

High

CVE-2020-37090

School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messag…

High

CVE-2020-37088

School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary file…